The class covers forensics tools, methods, and procedures used for investigation of computers, techniques of data recovery and evidence collection, protection of evidence, expert witness skills, and computer crime investigation techniques. Includes analysis of various file systems and specialized diagnostic software used to retrieve data.
Upon successful completion of this course, the student will be able to:
- Define and describe computer investigations
- Demonstrate correct methods of evidence gathering
- Use and evaluate various operating systems and file systems
- Equip a Forensics Lab with appropriate hardware and software
- Install, configure, and use various command-line and graphical software forensics tools
- Describe and compare various hardware devices employed by computer forensics experts
- Retrieve and analyze data from a suspect’s computer
- Create security implementation plans
- Summarize the evidence and write investigative reports
- Utilize the services of expert witnesses
- Recover file images, and categorize the data
- Examine and trace email messages
- Obtain and control digital evidence
